Can't use BinarySecurityToken and Secret Generated

Iam using dotnet 4.5 to integrating with Zatca as below, and iam still on developer edition:
1- i used CsrGenerator to get CSR value, then send it to:
https://gw-fatoora.zatca.gov.sa/e-invoicing/developer-portal/compliance
to get BinarySecurityToken and secret
2- use BinarySecurityToeken + “:” + secret, and convert tobase64String, and add "Basic " at start.
i always received 401 error on (https://gw-fatoora.zatca.gov.sa/e-invoicing/developer-portal/invoices/reporting/single)
But when i used cert4sign website, and send to it the same data used for generate CSR, it returns valid credentials, and i can use it.
I need to know:
1- Why i getting 401 if i generate CSR from my side?
2- Every time i need to send invoice, i need to generate CSR, certificate, Private key?
or i can generate all these value at once, and use it every time i need to send invoice.

Sorry for the length, and thank you for your effort.

Thanks Malik, it was very helpful to me
I understand now that in sandbox i use fixed credentials, but in Simulation, and production, generated credentials from my code should be works properly.
Thanks again, your efforts is much appreciated.

@Alattar and Community members, please do not use tools such as cert4sign.com. Such tools are unverified and poses high risk of identity theft. If any one has onboarded CSIDs using such unverified tools, we strongly recommend to revoke such CSIDs and onboard new ones.